EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USControllers Placements & Challenges
The placement of controllers has specific challenges regarding their reachability, NAT, and so on. By default, an edge device establishes one control channel to each controller, over each transport. You can control this behavior precisely, as required. For each transport, you can decide whether a control connection is established. You can configure this behavior from the GUI either globally or specifically by device (Configuration > Templates > VPN Interface Ethernet). You can also use the max-control-connections 0 interface configuration command to prevent a control connection from being established over a specific transport. Setting the number to 0 achieves this configuration. This configuration is particularly useful in scenarios where the interfaces connected to an MPLS network will never be able to establish the control connections to the vSmart controllers or vBond if the controllers are only reachable through the internet.
Cloud Controllers Connections
All controllers must be IP-reachable from all devices. First, controllers must be able to reach each other, and then each edge device must be able to reach all controllers. In terms of overall design considerations, various scenarios are implemented in various ways.
Cisco cloud-hosted deployment is the recommended mode of operation. Deployment is easier, because it is orchestrated with Cisco orchestration tools. Customers do not need to worry about design considerations that must be considered in an on-premises deployment. Cisco cloud-hosted deployment is very easy to scale out and provides redundancy of the control plane from the start.
The main requirement is to have internet connectivity from every site. With a single internet connection, however, you have no control plane redundancy.
On-Premises Controller Connections
Over the MPLS cloud, a customer edge (CE) router first terminates the MPLS. From there, normal routing should allow connectivity to the controllers. Routing could be over another network, such as a data center core device or network. Depending on the setup, a firewall might be in the way, between MPLS and the data center.
Especially for an on-premises deployment, you must be careful in vBond placement. If the vBond is placed correctly so that it can detect all NAT functions, NAT traversal is managed automatically.
Both of the following scenarios are supported:
- MPLS cloud and internet cloud are connected.
- MPLS cloud and internet are kept separate.
Cloud-Hosted Controllers: MPLS and Internet Connectivity
One design factor is determining whether the MPLS transport and the internet are connected (in other words, if the MPLS cloud has generic internet access).
If the MPLS transport has a connection to the internet, an edge device can establish control connections through both transports.
If not, the controllers are reachable only through internet transport, and each edge device has only a single control connection to the controllers. Therefore, if a local fault makes the internet unreachable in a location, controllers are lost. (However, the data plane traffic can still go through the MPLS cloud, which is described in the topic on high availability.)
In the first deployment, the internet transport is reachable from the MPLS transport through an extranet or a direct-connect connection, so the WAN Edge router can connect to the controllers directly from both transports. For this, the MPLS cloud may be advertising the publicly routable IP addresses of the controllers, or a default route, depending on the network.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Deploy & Configure vManage & Generate Certificate
- Deploy & Configure vBond & Generate Certificate
- Deploy & Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- SDWAN & NAT
- Secure DataPlane Bringup
- Enterprise CA for SDWAN Instances
- ZTP Process & PnP Overview
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- Understanding the ENSDWI Course: Advanced Cisco SD-WAN (Viptela) Concepts
- A Complete Guide to the DCACI-A Course: Mastering Advanced Cisco ACI Concepts
- How Our Online Python Certification Will Prepare You for a Career in Network Automation
- What You'll Learn in Juniper Mist Labs: A Deep Dive into AI-Driven Wireless Networking
- 10 Benefits of Studying Cisco ISE for Network and Security Folks
- Which AWS Advanced Networking Labs Course Includes # Real World Traffic Flows and Examines Objectives?
- How Do You Practice Cisco Nexus Configuration with Online Labs, No Physical Equipment?
- Why Cisco SD-WAN Viptela Training is Necessary in the Current Cloud-First Networking Age
- 5 Best Reasons to Learn Cisco SD-Access: From Networking Issues to Automation Solutions
- What is Cisco SD-LAN? A Beginner’s Guide to Software-Defined Access
LEAVE A COMMENT
Please login here to comment.